IT Security Guru

Industry Reacts to Verizon DBIR 2026 as Vulnerability Exploitation Takes Top Spot

by Guru Writer
May 21, 2026
in Insight

The 2026 Verizon Data Breach Investigations Report (DBIR) has sparked widespread industry reaction, with security leaders warning that AI-enabled attacks, vulnerability exploitation, and third-party risk are reshaping the threat landscape faster than many organisations can respond.

For the first time in the report’s history, vulnerability exploitation overtook stolen credentials as the leading initial access vector, a shift many experts say reflects both AI acceleration and growing operational strain on defenders.

Collin Hogue-Spears, senior director of solution management at Black Duck, said the findings show traditional patching strategies are no longer enough. “Vulnerability exploitation topped the DBIR because AI-accelerated attacks outrun patching. AI did not create that gap. AI erased the head start defenders used to have,” he said.

Hogue-Spears argued organisations should prioritise “patching by reachability” rather than attempting to remediate every vulnerability equally. “The losing strategy patches by volume. The winning one patches by reachability and contains the rest,” he explained. “Reachability analysis separates the flaws attackers can actually exploit from the ones that only look dangerous.”

He also warned against relying purely on CVSS severity scores. “CVSS tells you how bad a flaw can be. KEV tells you which flaws attackers already use,” he said, urging security teams to prioritise against the CISA Known Exploited Vulnerabilities (KEV) catalogue and to pair patching with compensating controls such as egress restrictions and behavioural allowlists to contain the rest.
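What a “patch by reachability” queue looks like in practice, as an added example that is not Black Duck’s tooling or the DBIR’s own analysis: a small Python triage that ranks findings by KEV membership and reachability before CVSS, next to the “patch by volume” ordering it replaces. The CVE identifiers, component names, scores and flags below are placeholders constructed inline, and the tiering and control mapping are this example’s own choices.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    cve: str          # placeholder identifier (constructed; not a real CVE)
    component: str
    cvss: float       # CVSS base score: how bad the flaw *can* be
    in_kev: bool      # listed in CISA KEV, i.e. exploitation observed in the wild
                      # (assumed as input here; in practice read from the KEV JSON feed)
    reachable: bool   # reachability analysis found a path from our entry points
                      # to the vulnerable function
    exposed: bool     # the service carrying the component is internet-facing


def tier(f: Finding) -> int:
    """Lower is more urgent.
    0: exploited in the wild AND reachable in our code -> patch now.
    1: exploited in the wild but not reachable, or reachable on an exposed
       service -> patch this cycle, contain meanwhile.
    2: reachable but no exploitation evidence -> schedule.
    3: neither exploited nor reachable -> backlog, whatever the CVSS says.
    """
    if f.in_kev and f.reachable:
        return 0
    if f.in_kev or (f.reachable and f.exposed):
        return 1
    if f.reachable:
        return 2
    return 3


def compensating_controls(f: Finding) -> list[str]:
    """Containment for items that wait on a patch window: the two controls the
    article names. Tier 0 gets no substitute for patching; tier 3 needs none."""
    if tier(f) in (1, 2):
        return ["egress restriction", "behavioural allowlist"]
    return []


def reachability_order(findings: list[Finding]) -> list[str]:
    """Patch order by tier, then by CVSS within a tier."""
    return [f.cve for f in sorted(findings, key=lambda f: (tier(f), -f.cvss))]


def volume_order(findings: list[Finding]) -> list[str]:
    """The 'losing strategy': highest CVSS first, regardless of exploitation or reach."""
    return [f.cve for f in sorted(findings, key=lambda f: -f.cvss)]


# Constructed sample findings (placeholders, not real vulnerabilities).
FINDINGS = [
    Finding("CVE-0000-0001", "tls-lib",        9.8,  in_kev=True,  reachable=True,  exposed=True),
    Finding("CVE-0000-0002", "log-lib",        7.5,  in_kev=True,  reachable=False, exposed=False),
    Finding("CVE-0000-0003", "json-parser",    8.1,  in_kev=False, reachable=True,  exposed=True),
    Finding("CVE-0000-0004", "image-codec",    10.0, in_kev=False, reachable=False, exposed=False),
    Finding("CVE-0000-0005", "template-engine", 6.5, in_kev=False, reachable=True,  exposed=False),
]

if __name__ == "__main__":
    print("by volume:      ", volume_order(FINDINGS))
    print("by reachability:", reachability_order(FINDINGS))
    for f in FINDINGS:
        print(f.cve, "tier", tier(f), compensating_controls(f))
```

The point the two orderings make: the CVSS 10.0 finding in an unreachable, unexposed codec drops to the bottom of the reachability queue, while the KEV-listed flaw in a reachable, internet-facing library goes first.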

While vulnerabilities dominated headlines, several experts cautioned against overlooking the continued importance of credential-based attacks. Mike Greene, CEO at Enzoic, noted that credential abuse still played a role in 39% of breaches. “The headline will be that vulnerabilities overtook credentials, but that’s a dangerous misread,” Greene said. “Users are four times more likely to be using an already-compromised password than a weak one.” He added that organisations have focused too heavily on password complexity while ignoring password exposure. “Companies are winning the complexity battle but losing the exposure war,” he said.

Greene also pointed to ransomware trends identified in the DBIR, noting that “three out of four victims had a prior credential leak,” often occurring within three months of the attack. “The Dark Web is well established as the Amazon Prime for reselling compromised credentials to cybercriminals,” he added.
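One way to act on the complexity-versus-exposure point above, as an added example rather than Enzoic’s product or anything from the report: a Python check that applies a typical composition rule and then tests the same password against a breach corpus with a k-anonymity range query, the pattern used by Have I Been Pwned’s Pwned Passwords range API (client hashes locally, sends only a five-character SHA-1 prefix, and matches the suffix itself, so the server never sees the password or its full hash). The breach corpus is a handful of constructed plaintexts built inline so the example runs offline; the complexity thresholds are this example’s own.

```python
import hashlib
import re

# Constructed breach corpus (example data, not from any real breach feed): SHA-1 hex
# digests, upper-cased. A real deployment would load a breach-data feed here or
# query a range endpoint over the network.
_BREACHED_PLAINTEXTS = ["password1", "Summer2024!", "Welcome123!", "letmein", "qwerty123"]
CORPUS = {hashlib.sha1(p.encode("utf-8")).hexdigest().upper() for p in _BREACHED_PLAINTEXTS}

PREFIX_LEN = 5  # k-anonymity: the client reveals only 20 bits of the 160-bit hash


def range_query(prefix: str) -> list[str]:
    """Server side: return every hash suffix in the corpus that shares `prefix`.
    The server cannot tell which suffix, if any, the client is looking for."""
    if not re.fullmatch(r"[0-9A-F]{5}", prefix):
        raise ValueError("prefix must be 5 upper-case hex characters")
    return sorted(h[PREFIX_LEN:] for h in CORPUS if h.startswith(prefix))


def is_exposed(password: str) -> bool:
    """Client side: hash locally, send only the prefix, match the suffix locally."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
    return suffix in range_query(prefix)


def meets_complexity(password: str, min_len: int = 10) -> bool:
    """Typical composition rule: minimum length plus three of four character classes."""
    classes = [
        re.search(r"[a-z]", password),
        re.search(r"[A-Z]", password),
        re.search(r"[0-9]", password),
        re.search(r"[^A-Za-z0-9]", password),
    ]
    return len(password) >= min_len and sum(1 for c in classes if c) >= 3


def evaluate(password: str) -> dict:
    """Both verdicts side by side: a password can pass the rule and still be burned."""
    return {"complexity_ok": meets_complexity(password), "exposed": is_exposed(password)}


if __name__ == "__main__":
    # Constructed inputs: one that passes complexity but is breached, one that fails
    # complexity and is breached, one that passes and is clean.
    for pw in ["Summer2024!", "password1", "Tangerine-Kayak-7722"]:
        print(pw, evaluate(pw))
```

“Summer2024!” satisfies length and all four character classes yet sits in the corpus, which is the exposure gap the complexity rule cannot see; a policy that only enforces composition accepts it.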

Brian Higgins, security specialist at Comparitech, said the report should influence both security strategy and budget allocation. “The DBIR is always a useful publication,” Higgins said. “A study of results and trends should inform a lot of budget allocation and decision making in the coming periods.” He highlighted three major themes from the report: the rise of vulnerability exploitation, growing risks associated with unauthorised AI use, and the continued surge in third-party attacks. “Third party and supply chain attacks now account for almost half of all reported breaches,” he said. “It’s more vital than ever to have a plan for when things go sideways.”

The role of AI emerged as a recurring concern throughout industry commentary, with several experts warning that organisations are struggling to keep pace with AI-driven attack capabilities. Damian Skeeles, senior manager of solution engineering at Filigran, described the report as “the ominous darkening skies and distant rumble of an approaching AI-enabled storm.” Scott Dowset, senior solution engineer at Filigran, added: “The newly released 2026 DBIR reveals a chilling shift: vulnerability exploits have officially dethroned stolen credentials as the number one breach entry point.”

KnowBe4’s lead CISO advisor Javvad Malik argued that the findings reflect operational and organisational challenges as much as technical ones. “The spike in vulnerability exploitation says more about institutional discipline than it does about cutting-edge exploits,” Malik said. “It is increasingly a story of organisations unable to patch what they cannot find, whilst security teams juggle AI-accelerated threats and undocumented supply chains.” He added that security basics must become a board-level priority. “If we are serious about closing this gap, we must stop treating basic hygiene as a back-office task and give it strategic priority,” he said.

Anna Collard, CISO advisor at KnowBe4, said defenders are facing a growing “capacity crisis” as AI, supply chain complexity, and expanding attack surfaces converge. “The statistic that 31% of breaches now involve vulnerability exploitation reflects how quickly attackers are operationalising known flaws, often faster than organisations can patch them,” she said. Collard also warned that modern organisations now operate within highly interconnected ecosystems. “Every supplier, SaaS platform, API, or AI-enabled workflow potentially extends the trust boundary,” she said. “That makes cyber resilience not just a technical issue, but increasingly a governance, visibility, and ecosystem-trust challenge.”

Darren Guccione, CEO and co-founder of Keeper Security, said the report demonstrates how rapidly AI is changing cybercriminal operations. “For the first time in the report’s 19-year history, vulnerability exploitation has overtaken stolen credentials as the leading initial access vector,” Guccione said. “AI is driving that change, compressing the time it takes for attackers to weaponise known flaws from months to hours.” He warned that many organisations still lack sufficient visibility into credential misuse and privileged access abuse. “Nearly three quarters of organisations reported they are not detecting credential misuse or unauthorised privileged access in real time,” he said.

Guccione also pointed to the rise of “shadow AI” usage, noting that frequent use of unapproved AI tools by employees has tripled to 45% of the workforce in a single year. “Supply chain exposure and mobile social engineering round out a picture of an attack surface that is not only growing, but fragmenting in ways that traditional controls were not designed to address,” he added.

Across the industry, the consensus is clear: the 2026 DBIR reflects a threat landscape increasingly shaped by AI acceleration, widening supply chain dependencies, and shrinking response windows for defenders. Many experts believe organisations must now prioritise resilience, visibility, and operational discipline if they are to keep pace with the speed and scale of modern cyber threats.

© 2015 - 2024 IT Security Guru - Website Managed by Dessol
